LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page UDP port 1900 flooding network? - Expert Advice Needed
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-15-2007, 01:13 PM   #1
tbeehler
Member
 
Registered: Aug 2003
Location: Washington State, USA
Distribution: Mainly RH 9.0
Posts: 227

Rep: Reputation: 30
UDP port 1900 flooding network? - Expert Advice Needed

I have a very odd issue. Recently, I had my proxy server flood my network with udp traffic from port 1900 to ip address 239.255.255.250. In other words, when I went into iptraf, it said publicipaddress:12250 to 239.255.255.250:1900. It would flood the network with 100,000 packets within a few seconds. When I unplugged the network cable to the proxy server, of course, it all stopped. So, I feared an attack and replaced the proxy server with a hardware router temporarily, but the issue came back and again, flooded my network with this traffic. I replaced the proxy server with a different server and the problem went away. Was this a DOS attack? How can I tell if I was attacked? I didn't see anything that stood out too much in the log files, but I'm far from a guru for looking for little nuances of evidence of an attack.

Is it possible that it was all coincidental? Perhaps a UPNP bug within my network on one of the workstations? Everyone I've asked in my community is stumped, so I thought I'd check here and see what you all thought. Thanks in advance.
 
Old 03-18-2007, 08:24 PM   #2
tbeehler
Member
 
Registered: Aug 2003
Location: Washington State, USA
Distribution: Mainly RH 9.0
Posts: 227

Original Poster
Rep: Reputation: 30
No one? Anyone else have this problem or am I unfortunate enough to have found a whole new bug?
 
Old 03-18-2007, 08:48 PM   #3
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168Reputation: 168
It's probably windows xp broadcasting its ssdp stuff. Have a look at http://www.windowsnetworking.com/kba...Pport1900.html and http://www.grc.com/port_1900.htm for more information. I have the ssdp discovery service disabled on all the windows xp boxes I'm responsible for here...
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What is UDP port & hardware address of my network card?? coolblue Linux - Networking 3 09-19-2007 10:33 PM
hardware firewall port policy advice needed Chris594 Linux - Security 2 02-15-2007 07:23 AM
moving linux and expert advice needed mrgreaper Linux - Newbie 4 02-06-2007 08:48 AM
USB Wireless Network Advice Needed MCD_Thom Linux - Wireless Networking 1 07-11-2005 06:48 PM
Advice needed for network setup. neocookie Linux - Networking 1 05-16-2005 04:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:22 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration